[Freeipa-users] Trusted AD Users login via gdm

[Leah Zimmermann]

Dear List Members,

I have a FreeIPA-Domain on a CentOS 6.4 machine. It is in a trusted 
relationship to an AD-Domain.
The users of the AD-Domain can login via ssh- or console-login. Then 
they can start the gnome desktop manually. But if they login via gdm 
they logged out immediatly.

In /var/log/Xorg.0.log I see many entries like

[ 88837.701] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 12 connected 
from local host ( uid=42 gid=42 pid=10962 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[ 88837.731] AUDIT: Wed Jun 12 10:56:57 2013: 10913: client 14 connected 
from local host ( uid=42 gid=42 pid=10962 )
   Auth name: MIT-MAGIC-COOKIE-1 ID: 270
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 14 disconnected
[ 88868.079] AUDIT: Wed Jun 12 10:57:28 2013: 10913: client 12 disconnected

and an entry in /var/log/messages like

Jun 12 11:18:52 ipa_hostname smbd[11154]:   Failed to find a Unix 
account for AD_NETBIOS$Failed to find a Unix account for 
AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a 
Unix account for AD_NETBIOS$Failed to find a Unix account for 
AD_NETBIOS$Failed to find a Unix account for AD_NETBIOS$Failed to find a 
Unix account for AD_NETBIOS$Failed to find a Unix account for 
AD_NETBIOS$Failed to find a Unix account for 
AD_NETBIOS$_netr_ServerAuthenticate3: netlogon_creds_server_check 
failed. Rejecting auth request from client ADS machine account AD_DOMAIN.

Where AD_DOMAIN and AD_NETBIOS are replacements according to 
http://www.freeipa.org/page/Howto/IPAv3_AD_trust_setup#Assumptions

We need some AD user able to login via gdm to the CentOS machine.
Can someone please tell me how to enable graphical/gdm login on the 
FreeIPA-Server for AD-Users?

thank you in advanced

Leah

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130612/aaff5702/attachment.htm>